A single transaction mistake resulted in one of the largest onchain losses recorded this year, after a user accidentally transferred nearly $50 million in USDt to a scam address through an address poisoning attack.
Onchain investigator Web3 Antivirus reported that the victim lost 49,999,950 USDt after copying a malicious wallet address from their transaction history.
Address poisoning scams work by sending small transactions from wallet addresses designed to closely resemble legitimate ones. These deceptive transfers appear in a victim’s transaction history, increasing the risk that the victim will later copy the fraudulent address instead of the intended recipient.
Blockchain data indicates that the victim first sent a small test transaction to the correct wallet address. However, minutes later, the main transfer—worth almost $50 million—was mistakenly sent to the poisoned address.
Subtle Address Similarity Can Deceive Even Experienced Users
Security researcher Cos, founder of SlowMist, highlighted that the fraudulent wallet address closely resembled the legitimate one—subtle enough to mislead even seasoned users. “You can see that the first three characters and the last four characters are the same,” he noted.
Onchain analysis shows the victim’s wallet had been active for nearly two years and was primarily used for USDt transactions. Shortly before the incident, the funds were withdrawn from Binance, indicating the wallet was actively managed at the time.
“This is the harsh reality of address poisoning—an attack that doesn’t exploit technical vulnerabilities, but human behavior,” another onchain analyst commented.
After receiving the funds, the attacker reportedly swapped the stolen USDt for Ether, distributed it across multiple wallets, and partially funneled it through Tornado Cash.
Crypto Hacks Reached $3.4 Billion in 2025
According to Cointelegraph, crypto-related hacks resulted in $3.4 billion in losses in 2025, marking the highest annual total since 2022. The increase was driven largely by a small number of high-profile breaches rather than a widespread rise in attack frequency.
Just three incidents accounted for 69% of total losses this year, with the $1.4 billion hack of crypto exchange Bybit alone representing nearly half of all stolen funds.
